When utilizing PSA crypto, enabling CONFIG_MBEDTLS_LEGACY_CRYPTO_C (such as by turning on OpenThread), the PSA crypto features such as native ITS storage are not functional.
Example prj.conf with working PSA:
Fullscreen
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
CONFIG_NRF_SECURITY=y
CONFIG_MBEDTLS_PSA_CRYPTO_C=y
# Enable persistent storage APIs
CONFIG_MBEDTLS_PSA_CRYPTO_STORAGE_C=y
CONFIG_PSA_NATIVE_ITS=y
CONFIG_MBEDTLS_ENABLE_HEAP=y
CONFIG_MBEDTLS_HEAP_SIZE=8192
CONFIG_PSA_CRYPTO_DRIVER_OBERON=y
CONFIG_PSA_CRYPTO_DRIVER_CC3XX=n
CONFIG_OBERON_BACKEND=y
CONFIG_CC3XX_BACKEND=n
CONFIG_PSA_WANT_ALG_CCM=n
CONFIG_PSA_WANT_ALG_GCM=y
CONFIG_PSA_WANT_ALG_CHACHA20_POLY1305=n
CONFIG_PSA_WANT_ALG_CMAC=n
CONFIG_PSA_WANT_ALG_RIPEMD160=n
CONFIG_PSA_WANT_ALG_MD5=n
CONFIG_PSA_WANT_ALG_ECB_NO_PADDING=n
This config generates build/modules/nrfxlib/nrfxlib/nrf_security/src/include/generated/nrf-config.h and build/modules/nrfxlib/nrfxlib/nrf_security/src/include/generated/nrf-config-user.h which have the PSA crypto features enabled.
Changing CONFIG_MBEDTLS_LEGACY_CRYPTO_C to y generates a build/modules/nrfxlib/nrfxlib/nrf_security/src/include/generated/nrf-config-user.h that is empty:
Fullscreen
1
2
3
4
5
6
7
8
/*
* Copyright (c) 2021 Nordic Semiconductor
*
* SPDX-License-Identifier: LicenseRef-Nordic-5-Clause
*
*/
/* This file is intentionally empty.*/
This prevents the PSA crypto features from functioning.